Updating an intermediate CA for a 128 bit SSL cert
We found a 128 bit SSL cert that was affected by the Verisign server shutdown on 1/7/2004. I need to update the intermediate CA for a 5.1 and 6.1 Web Logic server. Where can I find information on how to do this?
Thanks.
download from
http://www.verisign.com/support/roots.html
Scott Stanforth <[email protected]> wrote:
We found a 128 bit SSL cert that was affected by the Verisign server
shutdown on 1/7/2004. I need to update the intermediate CA for a 5.1
and 6.1 Web Logic server. Where can I find information on how to do
this?
Thanks.
Similar Messages
-
We are using domestic strength SSL (128 bit) with Weblogic
5.1 sp5. It looks like browsers that support 128-bit
encryption are fine, but those that support a lower
encryption level (i.e. 56-bit or 40-bit) cannot connect. I
was expecting this, but is there anyway to find out what
browser is being used and let them know that they need a new
browser? I know we can do this when they connect via HTTP,
but what if they connect directly to a secure page? Getting
a "Page cannot displayed message" isn't the best option.
BTW the error message that I am getting when those browsers
connect is a "BadMACException"? Has anyone had any
experience with this? Is this caused by browsers that
connect at the wrong encryption levels?
Thanks,
Shaun
Robert Patrick wrote:
From my understanding, it is already included in the code you have. You
just need to get a special license key from your BEA sales rep...
Actually yes or no on this:
Yes the installer bundles both "export" and "domestic(128bit)" files in
them; however, the domestic files will be installed only when domestic
strength license is detected at the installation time. So if you get a
domestic strength license after you installed the product, you will need to
reinstall the product with your new domestic strength license in place
($BEAHOME).
-Dan
>
BEA Systems wrote:
Does anybody know where I can get 128-bit SSL for Weblogic Server 6.0? -
CSS 40/128 bit SSL recognition
Is it possible for a CSS (11501 SSL) to detect the browser version of an incoming client to see if he is able to do 128 bit SSL or only 40 bit SSL? Is that in the HTTP header, if so, where / which string / ...?
Thanks for any helpful comment,
Ulithe CSS in general can detect the browser type with the command 'header-field-group' and the 'header-field user-agent ...'
Otherwise, when you define your ssl-server, you need to specify the cipher mode accepted by the module.
You can list 40 bits cypher modes and 128 bits cipher modes.
The SSL protocol will negotiate the best one.
Gilles -
Does firefox browser support 128-bit SSL?
I am trying to access a bank i work for who just upgraded their system.
Firefox supports 256 bit since 2002 in Firefox 2, so 128 bit is no problem.
* https://www.fortify.net/sslcheck.html
If websites complain about 128 bit encryption not available then that can be caused by the "U;" that is no longer present in the Firefox 4 user agent.
*http://en.wikipedia.org/wiki/User_agent#Encryption_strength_notations
You can see the current user agent on the Help > Troubleshooting Information page.
You can try to add "U;" via variations for the user agent setting like posted below via the pref general.useragent.override to see if that works.
If you update Firefox then you need to adjust the Gecko (rv:) and Firefox version to reflect the currently installed version.
Some examples (Vista is 6.0 - Windows 7 is 6.1):
* Mozilla/5.0 (Windows NT 6.0; U; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
* Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
* User Agent Switcher: https://addons.mozilla.org/firefox/addon/59 -
I get a download error when I try to update to 10.5 for Windows 64 bit.
I had to revert back to previous version but library file is the new version. It starts downloading like normal and then begins to back up. I tried to do it manual with same results. Any ideas?
You can't, Anh. That's what people are telling you. At this time there's no way to get out of recovery mode. You're playing around with beta software and this is what you get.
Tell your "developer friend" he needs to talk to other developers to see if this can be fixed, or have him replace your devices that you should never have let him play with to begin with. -
SSL 128 bits on OAS 4.0.8.1 for LINUX ?
We used to use the solaris version. To reduce cost, we are moving to Linux. Before, when you needed 128 bits security, you had to order a special patch from tech support.
The linux version we received is the export version and it is NOT 128 bits SSL.
Does 128 bits SSL exist ?
Also, LINUX support from oracle seems REALLY BAD. I'm wondering if we're doing a nice move here... ?
Thanks
nullAfter I fixed some of the things I broke while searching for the wrksf failure, the PL/SQL Cartridge now works for me too. And, after failing to get the DB Browser to work by loading it into the SCOTT schema, I got it to work by loading it into SYS. (SCOTT can't see the DBA_* views so loading the DB Browser into the database failed.) I haven't tried any Java Servlets yet, but that's next on my list.
If you want to try my wrksf workaround, rather than using Christoph's, here's how you can do it.
1. Backup liborb.so in the $ORACLE_HOME/orb/4.0/lib directory, just in case something goes wrong.
2. Using a hex editor, such as emacs hexl-find-file or ghex, to edit liborb.so, find the string "/proc/stat".
3. Change the directory, "/proc" to something like "/pfoo" and write the shared library file back to liborb.so. You now have the required modified liborb.so.
4. Make the /pfoo directory and cp /proc/stat /pfoo.
5. Edit /pfoo/stat and duplicate the first line, which should be the cpu line. This will let the metrics parser handle it. Make sure that /pfoo/stat has read access.
Of course, the values that the metrics code gets are now bogus, but that does not seem to be a fatal problem.
Hopefully somebody from Oracle is reading this and the real fix will be in the mail soon. -
WLS (40-bit) to WLS (128 bit) installation
Hopefully this will help shed some light on the subject.
Terry
If you receive the following warning:
<I> <Security> WARNING: Exportable (weak) WebLogic Server build running and
domestic (full) strength SSL license detected. Only exportable strength SSL
connections will be accepted.
This indicates that you have a full strength certificate but a weak strength
build of the server. For full strength encryption there is a different WLS
build. The generally-available (weak/40-bit) version of WLS 5. 1 supports
512-bit certificates and 40-bit bulk data encryption. The full strength
(128-bit) WLS 5.1 build supports 768-bit and 1024-bit certificates and
128-bit bulk data encryption. Your sales contact can provide the required
forms and a special URL to download the full strength build of WebLogic.
The installation for the 128-bit version is the same as the installation for
the 40-bit version. When converting to the 128-bit version a complete
re-installation is necessary. If you are installing service packs, please
note that although Service Packs 1-5 are the same for both the 40-bit and
128-bit versions, SP6 for the 128-bit version is a controlled release. In
order to obtain SP6 for WLS 5.1 (128-bit), you will need to contact your
sales representative who will be able to provide a URL where it can be
downloaded.
Some other notes concerning the 128-bit installation. First, ensure that
you are using the permanent license that has been updated with the 128-bit
key. Second, for information on setting up WLS SSL (i.e. installing
1024-bit security certificates), please see the documentation at:
http://www.weblogic.com/docs51/classdocs/API_secure.html.
It is my understanding that the difference between the 40-bit and 128-bit
versions of WLS 5.1 is in the encryption/decryption module. Since the
difference is limited to this particular module, transitioning from the
40-bit to the 128-bit version should be transparent as far as WLCS (3.1.1
SP1 & 2.01 SP2) is concerned. This is supported by the fact that there is a
single version of WLCS for both domestic use and export use.
A couple of general notes concerning WLCS 3.1.1/2.0.1 installations running
on top of WLS 5.1 (40-bit or 128-bit) SP6:
WLCS 3.1.1: To date, support cases have not been received with a WLCS
3.1.1 installation running on top of WLS
5.1 (40-bit/128-bit) SP6 where SP6 has been determined to be the
problem.
WLCS 2.0.1: With one minor exception (see Solution S-05838 below),
support cases have not been received with a
WLCS 2.0.1 installation running on top of WLS 5.1 (40-bit/128-bit) SP6
where SP6 has been determined to be the
problem.
A couple of general notes concerning WLCS 2.01 and WLS 5.01 (40- or 128-bit)
Service Packs 1-6:
- There have been problems when using SP1, SP2 and SP3 for WLS 5.
- Therefore, SP4 (minimum) is required.
- To date, support cases have not been received where SP5 has been
determined to be a problem.
- There is one small issue related to SP6 (see Solution S-05838 below).
Otherwise, support cases have not been
received where SP6 has been determined to be a problem.
- Following the SP6 installation, all the JSPs will need to be
recompiled. Due to the custom tags used in WLCS 2.0.1,
the JSPs cannot be pre-compiled. Therefore, recompiling will occur as
the pages are accessed.
Please see the release notes that accompany each service pack downloads for
issues that are resolved with each particular
service pack.
Solution S-05838
A better solution to the problem: WLCS 2.0.1 only: DataLoader script causes
ASCClientException with WLS 5.1 SP6
Old Solution:
Use WLS 5.1 SP5 to run the DataLoader, THEN upgrade to SP6.
New Solution:
You can run the DataLoader without exceptions for WLCS 2.0.1 SP2 and WLS 5.1
SP6 if you modify the script to use t3 socket connections instead of http.
Open the DataLoader script for editing and change the two appearances of
"http://" to "t3://".You need to contact your sales rep and get the domestic strength version of
WLS.
Michael Girdley
Product Manager, WebLogic Server
BEA Systems Inc.
Ravi Kumar.T <[email protected]> wrote in message
news:8945ju$lu8$[email protected]..
Where to specify the no of bits for encryption for SSL. Is it depend on
verisign certificates installed!!
We are using we weblogic 4.5.1 on Solaris. and my site is having following
encryption
SSL 3.0, RC4 with 40 bit encryption (Low); RSA with 512 bit exchange
and I have seen some other sites are having
SSL 3.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange
thanks..
ravi -
WEP 128 bit 26 hex digit problem
Can't seem to use the passwords generated by the linksys router for WEP 128 bits 26 hex digits encryption. WEP 64 bits works. Why?
ThanksThe $ before the password didn't work. Tried WEP password and 40/128 hex but 40/128 hex won't allow a $ before the password. I wish there was a place to just use the Passphrase on the Mac. Using a linksys router.
-
Whether XI (3.0, SP 16) is capable of doing 128 bit SSL Encryption? We are in the process of making a bridge with our external partners (B2B).
We want to install Certificates, and want to do the Encryption?
Who will install the Certificates? From where we can buy these certificates?
Who will do this process?
What are all the other points that we need to remember when we do this 128 bit Encryption?
ThanksHi,
SSL is supported by WebAS, and XI is just an application on top of it. The certificates are entered using the Visual Administrator, and also in the ABAP environment, depending on whether you also plan to use it with the SOAP adapter. The configuration is normally done by the basis person.
128-bit is supported. You can get certificates from various providers, e.g. Verisign. To work with a partner who has an user certificate, that user will have to provide you with his public certificate.
The XI Configuration Guide that comes with the installation CD have the instructions. Also, you can access that following weblogs for additional info:
/people/gregor.wolf3/blog/2005/10/11/setup-https-ssl-for-the-sneak-preview-sap-netweaver-04-abap-edition-on-windows
/people/thomas.jung3/blog/2005/05/13/calling-webservices-from-abap-via-https
Regards,
Bill -
Problems with IE and 128-bit encryption -- correction
Repost with corrected e-mail address -- sorry!
Hello. I'm having a problem with 128-bit SSL and Internet Explorer.
I'm using WebLogic 5.1 (128-bit build) and a Verisign certificate.
We're seeing some strange behavior with Internet Explorer. It seems to
work fine from some machines, but doesn't work from others. On the ones
that it doesn't work, it gives the "The page cannot be displayed"
message. I've tried this with IE 4.0.1 (with 128-bit patch) and IE 5.5
(128-bit by default) and have the same problems with both. We're seeing
this problem across various Windows operating systems, but aren't seeing
any pattern there. Any ideas as to what might be the problem?
Thanks in advance,
SteveThe Mozilla browsers which include Firefox has supported 256-bit even encryption for a long time now.
The issue could perhaps be the e-qip site is still looking for the old obsolete '''U''' in the useragent which was used to specify the encryption strength of 128-bit though 256-bit has been supported for a long while already at time by Mozilla applications. This "U" was removed in Firefox useragent as of 4.0 which was released March 22nd, 2011. The old 3.6.x was the last to have it.
http://en.wikipedia.org/wiki/User_agent#Encryption_strength_notations
https://hacks.mozilla.org/2010/09/final-user-agent-string-for-firefox-4/ -
Problems with IE and 128-bit encryption
Hello. I'm having a problem with 128-bit SSL and Internet Explorer.
I'm using WebLogic 5.1 (128-bit build) and a Verisign certificate.
We're seeing some strange behavior with Internet Explorer. It seems to
work fine from some machines, but doesn't work from others. On the ones
that it doesn't work, it gives the "The page cannot be displayed"
message. I've tried this with IE 4.0.1 (with 128-bit patch) and IE 5.5
(128-bit by default) and have the same problems with both. We're seeing
this problem across various Windows operating systems, but aren't seeing
any pattern there. Any ideas as to what might be the problem?
Thanks in advance,
SteveThis forum is for Microsoft Exchange. Consider posting your question in the most appropriate Windows 8.1 forum here:
http://social.technet.microsoft.com/Forums/windows/en-US/home?category=w8itpro
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
BB Browser Cipher RC4 128 bit Security Concerns
When you check Browserspy from your BlackBerry browser via this link:
http://browserspy.dk/
Then select "Security" from the list
Then select "SSL Encryption Check"
For my Z30 I get RC4 128 bit (see picture.)
I also get the same results using this test:
https://www.fortify.net/
There are security concerns for RC4 128 bit to the extent Microsoft has recommended not using it. See these two links:
http://en.wikipedia.org/wiki/RC4
http://technet.microsoft.com/en-us/library/cc179125.aspx
I do not have any device connecting to the web using RC4 128 bit.
Is there a way to change the cipher strength or order for the BlackBerry browser?
(Just as a side note - because BlackBerry uses WebKit for the browser (Apple uses WebKit) a lot of the browser tester sites pick it up as Safari. I woder if browser testing to determine market share doesn't flag some of Blackberry as Apple due to this "confusion.")
Solved!
Go to Solution.foryour information, here is what I get for my desktop browsers :
AES128 for Mozilla Firefox 36.0
AES128 for Google Chromium 42.0
AES256 for MS Internet Explorer 11
and also...
AES128 for Mozilla Firefox 35.0.1 APK on my Passport
The search box on top-right of this page is your true friend, and the public Knowledge Base too: -
Upgrading to 128-bit encryption
Hello,I would like to know what steps are necessary to upgrade to 128 bit SSL encryption from 40 bit?Currently we have a valid commercial license with key for Tengah/SSL, expiration=never.Any info is greatly appreciated.Thanks,Rick Ellmakeremail: [email protected]
Hi Arshad,
You have to make sure that you are using the domestic version of WLS(full
strength) and when weblogic
boots up it gets the correct license for SSL128. By any chance, if
configuration is wrong it will spit out
error message at srart up.
(NOTE : make sure you use domestic version of Service pack if needed.)
-utpal
"Arshad Aziz (Verizon)" <[email protected]> wrote in message
news:3c8e2136$[email protected]..
I currently have weblogic 5.1 running. Need to upgrade to 5.1 with 128 bitencryption. Already have the SSL and SSL128 Tenga keys for it. Alos have the
new build for the 128 bit.
>
Do, I just add these SSL128 keys to the existing PRODUCT keys that I haverunning on the machine after installing the new build ?? Or do I need new
Product keys for the 128 bit encryptions also. -
I just figured out that I turned this option on a while ago and that is why I could no longer synch photos to my iPhone 4, Apple tv or iPad. I turned it off and photos are synching again!!
Just reported it to Feedback.
So you can squeeze more music on but you give up photos.........Bonita,
There is a special 128 bit service pack for the 128 bit version of WLS 5.1.
Please contact support to get the 128 bit service pack. Whomever helps
you will need to verify that your company is qualified to receive the 128 bit
version.
Kaye -
Brand new to the iPad. It's asking for a password to the WiFi network in my home. There is no "password" as such associated with this WiFi network. It uses WEP 128 bit encryption where each byte is a hexadecimal number and is called a "key" Typing this lengthy thing in gives me no results. The iPad keeps on asking for a password. I have three computers and a DVD hooked to the network which has been working for a decade, so that's not the issue.
Basically I'm stuck not being able to get onto the WiFi system.iOS 6 Wifi Problems/Fixes
Fix For iOS 6 WiFi Problems?
http://tabletcrunch.com/2012/09/27/fix-ios-6-wifi-problems/
Did iOS 6 Screw Your Wi-Fi? Here’s How to Fix It
http://gizmodo.com/5944761/does-ios-6-have-a-wi+fi-bug
How To Fix Wi-Fi Connectivity Issue After Upgrading To iOS 6
http://www.iphonehacks.com/2012/09/fix-wi-fi-connectivity-issue-after-upgrading- to-ios-6.html
iOS 6 iPad 3 wi-fi "connection fix" for netgear router
http://www.youtube.com/watch?v=XsWS4ha-dn0
Apple's iOS 6 Wi-Fi problems
http://www.zdnet.com/apples-ios-6-wi-fi-problems-linger-on-7000004799/
~~~~~~~~~~~~~~~~~~~~~~~
Look at iOS Troubleshooting Wi-Fi networks and connections http://support.apple.com/kb/TS1398
iPad: Issues connecting to Wi-Fi networks http://support.apple.com/kb/ts3304
WiFi Connecting/Troubleshooting
http://www.apple.com/support/ipad/wifi/
How to Fix: My iPad Won't Connect to WiFi
http://ipad.about.com/od/iPad_Troubleshooting/ss/How-To-Fix-My-Ipad-Wont-Connect -To-Wi-Fi.htm
iOS: Connecting to the Internet
http://support.apple.com/kb/HT1695
iOS: Recommended settings for Wi-Fi routers and access points http://support.apple.com/kb/HT4199
Additional things to try.
Try this first. Turn Off your iPad. Then turn Off (disconnect power cord for 30 seconds or longer) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
Go to Settings>Wi-Fi and turn Off. Then while at Settings>Wi-Fi, turn back On and chose a Network.
Change the channel on your wireless router (Auto or Channel 6 is best). Instructions at http://macintoshhowto.com/advanced/how-to-get-a-good-range-on-your-wireless-netw ork.html
Another thing to try - Go into your router security settings and change from WEP to WPA with AES.
How to Quickly Fix iPad 3 Wi-Fi Reception Problems
http://osxdaily.com/2012/03/21/fix-new-ipad-3-wi-fi-reception-problems/
If none of the above suggestions work, look at this link.
iPad Wi-Fi Problems: Comprehensive List of Fixes
http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
Fix iPad Wifi Connection and Signal Issues http://www.youtube.com/watch?v=uwWtIG5jUxE
Fix Slow WiFi Issue https://discussions.apple.com/thread/2398063?start=60&tstart=0
Unable to Connect After iOS Update - saw this solution on another post.
https://discussions.apple.com/thread/4010130
Note - When troubleshooting wifi connection problems, don't hold your iPad by hand. There have been a few reports that holding the iPad by hand, seems to attenuate the wifi signal.
~~~~~~~~~~~~~~~
If any of the above solutions work, please post back what solved your problem. It will help others with the same problem.
Cheers, Tom
Maybe you are looking for
-
Can I have an iphone 4 and iphone 4s on the same itunes account?
I have my husbands old i phone 4 and he has upgraded to the 4s, but the itunes account was created under my name for both phones. I just wanted to ensure that I don't lose my contacts again.
-
Can't update the software on my iPhone and iPod on iTunes
I know I've seen other topics about this problem, but I can't figure out what's wrong or how to fix it. Every time I connect my iPhone or iPod iTunes asks me if I would like to download and install the new software available for my devices, but it wo
-
How to use a macro with AAA Authorization set?
So! We have ACS version 4.1, and one goal is to start working on authorization sets for groups. I am able to get basic commands to work, but was curious about making a macro work without having to allow all of the commands that are actually contained
-
Hi This is regarding provision amount calucation : when we run the payroll every month , it should generate the provision amount for indeminty as 10% of basic in custom wage type - so please let me know how to write the PCR. regards Nalini
-
Using non_build_in data type in web service
Hi everybody, Can anyone tell me the process of using a data type which is not supported in java web services(data types such as "DATE",...)??? Any examples can be helpful. Thanks in advance